SlideShare a Scribd company logo

Amazon s3 access control

option0417
option0417

An survey for access control of Amazon S3

Technology
1 of 22
Download to read offline
AWS S3 Access Control Wei De
Scenario 1 Hey~ What’s up~ Let me show something for you. 18 WTF !! People want share something interest with each others.
Scenario 2 Here’s attachment for your reference. ok~ thanks~ Office workers need share information to the customer or colleague.
Scenario 3 ABC Inc. Put Get Put Get Put Get Put Get Put Get Administrator needs to assign permission to someone.
User story 1 As a guest or blocked-user, I can't do anything with file. As a user, I can download file from S3. As a user, I can upload file to S3.
User story 2 As a Group-user, I can download file in my group. As a Group-user, I can upload file in my group.
User story 3 As a Group Admin, I can assign download permission to user who is in my group. As a Group Admin, I can take back the download permission from user who is in my group.
User story 4 As a Group Admin, I can assign download permission to user who is in my group. As a Group Admin, I can take back the download permission from user who is in my group.
User story 5 As a Group Admin, I can assign upload permission to user who is in my group. As a Group Admin, I can take back upload permission form user who is in my group.
User story 6 As a user in Chat-room, I can upload file to others in same chatroom. As a user in Chat-room, I can download file from others in same chatroom.
Limitation Groups per AWS account: 100 Users per AWS account: 5000 Number of groups per user: 10 Roles per AWS account: 250
Solution Classifying the user and group When download or Upload… Use IAM (Identify and Access Management) Use Query String Authentication
Classifier ● Guest / Blocked User ● Normal User ● Group assigned Download user ● Group assigned Upload user ● Group Administrator ● Chat-room User
Query String Authentication 1. Create a query. 2. Specify an expiration time for the query. 3. Sign it with your signature. 4. Distribute the request to a user or embed the request in a web page.
IAM (Identity and Access Management) ● Identity AWS User AWS Group ● Access Management Get, Put, Delete, List Version, Policy, Payment
Example 1 As a user, I can download file from S3.
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,keyname); generatePresignedUrlRequest.setMethod( ttpMethod.GET); H generatePresignedUrlRequest.setExpiration( new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)); AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(CCESS_KEY, SECRET_ACCESS_KEY)); A URL urlForGet = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
Example 2 As a user, I can upload file to S3.
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,keyname); generatePresignedUrlRequest.setMethod( ttpMethod.PUT); H generatePresignedUrlRequest.setExpiration( new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)); AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(CCESS_KEY, SECRET_ACCESS_KEY)); A URL urlForPut = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
END

Recommended

Firefox Speed Up: Advanced Tricks Part 1
Firefox Speed Up: Advanced Tricks Part 1Firefox Speed Up: Advanced Tricks Part 1
Firefox Speed Up: Advanced Tricks Part 1SZI Technologies Pvt Ltd
 
A little introduction to kanban
A little introduction to kanbanA little introduction to kanban
A little introduction to kanbanoption0417
 
AWSM2C3.pptx
AWSM2C3.pptxAWSM2C3.pptx
AWSM2C3.pptxRahulDange13
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...Amazon Web Services
 
(SEC302) IAM Best Practices To Live By
(SEC302) IAM Best Practices To Live By(SEC302) IAM Best Practices To Live By
(SEC302) IAM Best Practices To Live ByAmazon Web Services
 
AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on aws
AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on awsAWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on aws
AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on awsAWS Riyadh User Group
 
Saa c02 study notes 2022
Saa c02 study notes 2022Saa c02 study notes 2022
Saa c02 study notes 2022Tafadzwa Mazhambe
 

Recommended

Firefox Speed Up: Advanced Tricks Part 1
Firefox Speed Up: Advanced Tricks Part 1Firefox Speed Up: Advanced Tricks Part 1
Firefox Speed Up: Advanced Tricks Part 1SZI Technologies Pvt Ltd
 
A little introduction to kanban
A little introduction to kanbanA little introduction to kanban
A little introduction to kanbanoption0417
 
AWSM2C3.pptx
AWSM2C3.pptxAWSM2C3.pptx
AWSM2C3.pptxRahulDange13
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...Amazon Web Services
 
(SEC302) IAM Best Practices To Live By
(SEC302) IAM Best Practices To Live By(SEC302) IAM Best Practices To Live By
(SEC302) IAM Best Practices To Live ByAmazon Web Services
 
AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on aws
AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on awsAWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on aws
AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on awsAWS Riyadh User Group
 
Saa c02 study notes 2022
Saa c02 study notes 2022Saa c02 study notes 2022
Saa c02 study notes 2022Tafadzwa Mazhambe
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0CSA Argentina
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
AWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAmazon Web Services
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 MasterclassAmazon Web Services
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 MasterclassIan Massingham
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM IntroductionAmazon Web Services
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...QCloudMentor
 
Mastering Access Control Policies
Mastering Access Control PoliciesMastering Access Control Policies
Mastering Access Control PoliciesAmazon Web Services
 
Aws iam best practices to live by
Aws iam best practices to live byAws iam best practices to live by
Aws iam best practices to live byJohn Varghese
 
Aws IAM
Aws IAMAws IAM
Aws IAMChamali Liyanage
 
Diving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsDiving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsNikhil Sahoo
 
AWS Notes.pdf
AWS Notes.pdfAWS Notes.pdf
AWS Notes.pdfTracy Hill
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...Amazon Web Services
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...Amazon Web Services
 
Identify and Access Management: The First Step in AWS Security
Identify and Access Management: The First Step in AWS SecurityIdentify and Access Management: The First Step in AWS Security
Identify and Access Management: The First Step in AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)Amazon Web Services
 
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?Ken Johnson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

More Related Content

Similar to Amazon s3 access control

Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0CSA Argentina
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
AWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAmazon Web Services
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...QCloudMentor
 
Mastering Access Control Policies
Mastering Access Control PoliciesMastering Access Control Policies
Mastering Access Control PoliciesAmazon Web Services
 
Aws iam best practices to live by
Aws iam best practices to live byAws iam best practices to live by
Aws iam best practices to live byJohn Varghese
 
Diving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsDiving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsNikhil Sahoo
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...Amazon Web Services
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...Amazon Web Services
 
Identify and Access Management: The First Step in AWS Security
Identify and Access Management: The First Step in AWS SecurityIdentify and Access Management: The First Step in AWS Security
Identify and Access Management: The First Step in AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)Amazon Web Services
 
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?Ken Johnson
 

Similar to Amazon s3 access control (20)

Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0Automated security analysis of aws clouds v1.0
Automated security analysis of aws clouds v1.0
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
 
AWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated Billing
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 Masterclass
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 Masterclass
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
AWS Study Group - Chapter 01 - Introducing AWS [Solution Architect Associate ...
 
Mastering Access Control Policies
Mastering Access Control PoliciesMastering Access Control Policies
Mastering Access Control Policies
 
Aws iam best practices to live by
Aws iam best practices to live byAws iam best practices to live by
Aws iam best practices to live by
 
Aws IAM
Aws IAMAws IAM
Aws IAM
 
Diving into Common AWS Misconfigurations
Diving into Common AWS MisconfigurationsDiving into Common AWS Misconfigurations
Diving into Common AWS Misconfigurations
 
AWS Notes.pdf
AWS Notes.pdfAWS Notes.pdf
AWS Notes.pdf
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
Data Security in the Cloud Demystified – Policies, Protection, and Tools for ...
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
 
Identify and Access Management: The First Step in AWS Security
Identify and Access Management: The First Step in AWS SecurityIdentify and Access Management: The First Step in AWS Security
Identify and Access Management: The First Step in AWS Security
 
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
 
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
 

Recently uploaded

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Amazon s3 access control

  • 2. Scenario 1 Hey~ What’s up~ Let me show something for you. 18 WTF !! People want share something interest with each others.
  • 3. Scenario 2 Here’s attachment for your reference. ok~ thanks~ Office workers need share information to the customer or colleague.
  • 5. User story 1 As a guest or blocked-user, I can't do anything with file. As a user, I can download file from S3. As a user, I can upload file to S3.
  • 6. User story 2 As a Group-user, I can download file in my group. As a Group-user, I can upload file in my group.
  • 7. User story 3 As a Group Admin, I can assign download permission to user who is in my group. As a Group Admin, I can take back the download permission from user who is in my group.
  • 8. User story 4 As a Group Admin, I can assign download permission to user who is in my group. As a Group Admin, I can take back the download permission from user who is in my group.
  • 9. User story 5 As a Group Admin, I can assign upload permission to user who is in my group. As a Group Admin, I can take back upload permission form user who is in my group.
  • 10. User story 6 As a user in Chat-room, I can upload file to others in same chatroom. As a user in Chat-room, I can download file from others in same chatroom.
  • 11. Limitation Groups per AWS account: 100 Users per AWS account: 5000 Number of groups per user: 10 Roles per AWS account: 250
  • 12. Solution Classifying the user and group When download or Upload… Use IAM (Identify and Access Management) Use Query String Authentication
  • 13. Classifier ● Guest / Blocked User ● Normal User ● Group assigned Download user ● Group assigned Upload user ● Group Administrator ● Chat-room User
  • 14. Query String Authentication 1. Create a query. 2. Specify an expiration time for the query. 3. Sign it with your signature. 4. Distribute the request to a user or embed the request in a web page.
  • 15. IAM (Identity and Access Management) ● Identity AWS User AWS Group ● Access Management Get, Put, Delete, List Version, Policy, Payment
  • 16. Example 1 As a user, I can download file from S3.
  • 17.
  • 18. GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,keyname); generatePresignedUrlRequest.setMethod( ttpMethod.GET); H generatePresignedUrlRequest.setExpiration( new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)); AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(CCESS_KEY, SECRET_ACCESS_KEY)); A URL urlForGet = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
  • 19. Example 2 As a user, I can upload file to S3.
  • 20.
  • 21. GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,keyname); generatePresignedUrlRequest.setMethod( ttpMethod.PUT); H generatePresignedUrlRequest.setExpiration( new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)); AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(CCESS_KEY, SECRET_ACCESS_KEY)); A URL urlForPut = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
  • 22. END